[PM-1033] feat: auto accept invitation when enrolling into password reset

2025-07-01 16:12:49 -05:00 · 2023-06-28 14:48:12 +02:00
parent b0392972fd
commit b7ca8d09a1
3 changed files with 28 additions and 4 deletions
--- a/src/Api/Controllers/OrganizationUsersController.cs
+++ b/src/Api/Controllers/OrganizationUsersController.cs
@ -213,7 +213,7 @@ public class OrganizationUsersController : Controller

        if (useMasterPasswordPolicy)
        {
-            await _organizationService.UpdateUserResetPasswordEnrollmentAsync(orgId, user.Id, model.ResetPasswordKey, user.Id);
+            await _organizationService.UpdateUserResetPasswordEnrollmentAsync(orgId, user.Id, model.ResetPasswordKey, _userService, user.Id);
        }
    }

@ -315,7 +315,7 @@ public class OrganizationUsersController : Controller

        var callingUserId = user.Id;
        await _organizationService.UpdateUserResetPasswordEnrollmentAsync(
-            new Guid(orgId), new Guid(userId), model.ResetPasswordKey, callingUserId);
+            new Guid(orgId), new Guid(userId), model.ResetPasswordKey, _userService, callingUserId);
    }

    [HttpPut("{id}/reset-password")]
--- a/src/Core/Services/IOrganizationService.cs
+++ b/src/Core/Services/IOrganizationService.cs
@ -55,7 +55,7 @@ public interface IOrganizationService
    Task<List<Tuple<OrganizationUser, string>>> DeleteUsersAsync(Guid organizationId,
        IEnumerable<Guid> organizationUserIds, Guid? deletingUserId);
    Task UpdateUserGroupsAsync(OrganizationUser organizationUser, IEnumerable<Guid> groupIds, Guid? loggedInUserId);
-    Task UpdateUserResetPasswordEnrollmentAsync(Guid organizationId, Guid userId, string resetPasswordKey, Guid? callingUserId);
+    Task UpdateUserResetPasswordEnrollmentAsync(Guid organizationId, Guid userId, string resetPasswordKey, IUserService userService, Guid? callingUserId);
    Task ImportAsync(Guid organizationId, Guid? importingUserId, IEnumerable<ImportedGroup> groups,
        IEnumerable<ImportedOrganizationUser> newUsers, IEnumerable<string> removeUserExternalIds,
        bool overwriteExisting);
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -1269,6 +1269,24 @@ public class OrganizationService : IOrganizationService
        return await AcceptUserAsync(orgUser, user, userService);
    }

+    public async Task<OrganizationUser> AcceptUserAsync(Guid organizationId, User user, IUserService userService)
+    {
+        var org = await _organizationRepository.GetByIdAsync(organizationId);
+        if (org == null)
+        {
+            throw new BadRequestException("Organization invalid.");
+        }
+
+        var usersOrgs = await _organizationUserRepository.GetManyByUserAsync(user.Id);
+        var orgUser = usersOrgs.FirstOrDefault(u => u.OrganizationId == org.Id);
+        if (orgUser == null)
+        {
+            throw new BadRequestException("User not found within organization.");
+        }
+
+        return await AcceptUserAsync(orgUser, user, userService);
+    }
+
    private async Task<OrganizationUser> AcceptUserAsync(OrganizationUser orgUser, User user,
        IUserService userService)
    {
@ -1716,7 +1734,7 @@ public class OrganizationService : IOrganizationService
            EventType.OrganizationUser_UpdatedGroups);
    }

-    public async Task UpdateUserResetPasswordEnrollmentAsync(Guid organizationId, Guid userId, string resetPasswordKey, Guid? callingUserId)
+    public async Task UpdateUserResetPasswordEnrollmentAsync(Guid organizationId, Guid userId, string resetPasswordKey, IUserService userService, Guid? callingUserId)
    {
        // Org User must be the same as the calling user and the organization ID associated with the user must match passed org ID
        var orgUser = await _organizationUserRepository.GetByOrganizationAsync(organizationId, userId);
@ -1756,6 +1774,12 @@ public class OrganizationService : IOrganizationService
        await _organizationUserRepository.ReplaceAsync(orgUser);
        await _eventService.LogOrganizationUserEventAsync(orgUser, resetPasswordKey != null ?
            EventType.OrganizationUser_ResetPassword_Enroll : EventType.OrganizationUser_ResetPassword_Withdraw);
+
+        if (orgUser.Status == OrganizationUserStatusType.Invited)
+        {
+            var user = await _userRepository.GetByIdAsync(userId);
+            await AcceptUserAsync(orgUser, user, userService);
+        }
    }

    public async Task<OrganizationUser> InviteUserAsync(Guid organizationId, Guid? invitingUserId, string email,